Pdf.Dropper.Agent-5341881-0 PDF malware analysis — malicious · aa752e82ab0dbd0c

MALICIOUS

PDF

5.6 KB Created: 2009-01-10 63:14:00 Authoring application: Jkkss (via Kk22q)

MD5: b562039e2a5f5fb086788bc54d140f70 SHA-1: 0058168b2b5b436b80412fbb96134070da33f8b5 SHA-256: aa752e82ab0dbd0c515b4e51b0606a00b7ff4f3a2b8a460cae4385c472d7c08b

106 Risk Score

Malware Insights

Pdf.Dropper.Agent-5341881-0 · confidence 99%

MITRE ATT&CK

T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and ClamAV as malicious, specifically identified as Pdf.Dropper.Agent-5341881-0. It contains embedded JavaScript, indicating it is designed to execute code. The ML classifier's high confidence score and the ClamAV detection strongly suggest this PDF is a dropper intended to download and execute a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Pdf.Dropper.Agent-5341881-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-5341881-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0013_001.js` `c00edb07964309d42498417782eb0b271dd66cea5b97537da8403bf15f45f0ed`	pdf-javascript-stream	PDF /JS object 13 at offset 0x37E	38925 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.